8/6/2019 Lesson 7 - Overview of HIPAA
Overview of Health Insurance Portability and Accountability Act (HIPAA) of 1996
Introduction
Recognizing the need to safeguard information in this tumultuous age, nationwide regulations, years in the making, were introduced under the Health Insurance Portability and Accountability Act (HIPAA), signed into law in 1996.
In the years that followed, it appeared that the delays in implementation might lead to its demise.
Overview of HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) was signed into law by President Clinton in 1996.
The Office for Civil Rights (OCR) is the Departmental component responsible for implementing and enforcing the privacy regulation.
Overview of HIPAA
Guaranteeing the security and privacy of health information has been the focus of numerous debates.
One of the biggest stumbling blocks to implementation of comprehensive standards for privacy was the associated cost.
Overview of HIPAA
The Administrative Simplification portion of this law is intended to decrease the financial and administrative burdens by standardizing the electronic transmission of certain administrative and financial transactions.
Overview of HIPAA
The Privacy Requirements went into effect on April 14, 2003 and limit the release of protected healthcare information (PHI) without the patient's knowledge and consent.
According to the US Department of Health and Human Services (2002), there are certain rights provided to patients by the Privacy Rule.
Overview of HIPAA
On October 16, 2003 the Electronic Transaction and Code Set Standards became effective.
The Security Requirements went into effect on April 21, 2005 and require the covered entities to put safeguards into place that protect the confidentiality, integrity and availability of protected health information when stored and transmitted electronically.
Overview of HIPAA
Safeguards need to be in place to control access whether the data and information are at rest, residing on a machine or storage medium, being processed, or in transmission, such as being backed up to storage or disseminated across a network.
HIPAA, with its privacy, confidentiality and security regulations, became the first national rules for protecting the patient's health information.
Overview of HIPAA
As information becomes more prevalent in electronic formats, it will be easier to collect, store, monitor, track, exchange, disseminate and aggregate PHI across covered entities including healthcare networks and data repositories.
Overview of HIPAA
The HIPAA standards are designed to smooth the path and actually increase the amount of electronic transmissions.
The American National Standards Institute (ANSI) X12N and Health Level 7 (HL7) Standards Organizations worked together to develop an electronic standard for claims attachments to recommend to HHS (Spencer and Bushman, 2006, 2).
Overview of HIPAA
HL7 was initially associated with HIPAA in 1996 through the creation of a Claims Attachments Special Interest Group charged with standardizing the supplemental information needed to support healthcare insurance and other e-commerce transactions.
Health Level 7 (HL7)
Health Level 7 (HL7) - Level Seven in HL7's name means the highest level of the International Standards Organization's (ISO) communications model for Open Systems Interconnection (OSI) - the application level.
The application level addresses definition of the data to be exchanged, the timing of the interchange, and the communication of certain errors to the application.
Overview of HIPAA
The HL7 mission is supported through two separate groups, the XML Special Interest Group and the Structured Documents Technical Committee.
ISO is a non-governmental organization: its members are not, as is the case in the United Nations system, delegations of national governments.
Overview of HIPAA
It is evident that many organizations have guidelines, standards and rules to help healthcare entities collect, store, manipulate, dispose of and exchange secure PHI.
HIPAA guarantees the security and privacy of health information and curtails health care fraud and abuse while enforcing standards for health information.
United States and Beyond
The Gramm-Leach-Bliley Act (GLBA) is federal legislation in the United States to control how financial institutions handle the private information they collect from individuals.
The Sarbanes-Oxley Act (SOX) was legislation that was put in place to protect shareholders as well as the public from deceptive accounting practices in organizations.
HIPAA
The HIPAA Privacy Rule is intended to enhance the rights of individuals.
This rule provides them with greater access and control over their PHI.
They can control its uses, dissemination and disclosures.
HIPAA
Covered entities must not only establish a required level of security for PHI but also sanctions for employees who violate their privacy policies and administrative processes for responding to patient requests regarding their information.
Securing Information In A Network
Fair Use of Information and Sharing
Copyright laws in the world of technology are notoriously misunderstood.
The same copyright laws that cover physical books, artwork, and other creative material are still applicable in the digital world.
Offsite Use of Portable Devices
If a device is lost or stolen, the agency must have clear procedures in place to help ensure that sensitive data does not get released or used inappropriately.
The Department of Health and Human Services (2006) identifies potential risks and proposes risk management strategies for accessing, storing, and transmitting EPHI. Visit this website for detailed tabular information (pp. 4-6) on potential risks and risk management strategies: http://www.cms.hhs.gov/SecurityStandard/Downloads/SecurityGuidanceforRemoteUseFinal122806.pdf
Thought Provoking Questions
1. Joseph Kiram, a diabetes nurse educator, recently read an article in an online journal that he accessed through his health agency's database subscription. The article provided a comprehensive checklist for managing diabetes in older adults that he prints and distributes to his patients in a diabetes education class. Does this constitute fair use or is this a copyright violation?
Thought Provoking Questions
2. Ms. Zenne Sue is a COPD clinic nurse enrolled in a Master's education program. She is interested in writing a paper on the factors that are associated with poor compliance with medical regimens and associated re-hospitalization of COPD patients. She downloads patient information from the clinic database to a thumb drive that she later accesses on her home computer. Sue understands rules about privacy of information and believes that since she is a nurse and needs this information for a graduate school assignment, she is entitled to the information. Is Ms. Sue correct in her thinking? Give your rationale.